Reviewing, Renewing, Rethinking: Security Strategy and Architecture

Security strategy and architecture was on the minds of many security practitioners, as we received a large number of speaking proposals for this track. Standing out among the submissions are topics addressing how to manage everything from the basics of security and architecture to emerging technologies and the resulting questions and issues to ponder and debate.

With a compromise or breach a strong likelihood, detecting malicious events was a big focus in this track — especially around different aspects of the Security Operations Center (SOC). The primary mission of the SOC is detecting and responding to incidents. The role of the SOC analyst is expanding beyond on-premises environments to also include the cloud. Finding anomalous events in large amounts of data is a difficult undertaking. Automation and orchestration tools attempt to make this easier and more consistent. Staffing a SOC with security analysts and providing the tools is an expensive endeavor — creating a need to demonstrate return on investment (ROI).

Integrating with third parties, moving data and applications to the cloud, decentralizing datacenters and work locations, and using numerous applications to support the business have made security more complex. The notion of zero trust architecture is gaining a lot of popularity, as indicated by the number of submissions on this topic. There is disagreement as to what zero trust really means, let alone how to implement it. Does zero trust provide all of the required protection? Is building trust enough, or do you also need to know exactly how the data is being used? There is consensus amongst the track proposals that implementing zero trust involves both technical and cultural changes.

Concentrating resources on the right risks was also on the minds of several submitters. It may sound simple to answer the question with “protect the most critical assets and information,” but what does that really mean? For some companies, their reputation is the most important asset. For others, the most important asset is customer credit card numbers. While deciding where to focus resources in protecting the organization, decisions also have to be made about the right amount to spend.

Focusing resources was another big trend. This includes ensuring you are getting the most out of your security tools and professional services. When implementing security tools, it is vital to have a good plan and fully implement the tool. How many times do we see expensive security tools that aren’t being used to their capability because the security team got pulled off into something else and couldn’t finish the deployment? The same holds true when engaging third-party professional services: ensure that by the end of the engagement they have delivered everything expected. It is also imperative to demonstrate to business leaders the effectiveness of their investments in security. Developing sound metrics is important for communicating the ongoing effectiveness of the security program to decision makers.

Getting back to the basics of IT and security is on the minds of many. This includes areas such as having good backups and patching. It sounds easy, but in complex environments with multiple locations, remote workers, and IoT, this can be very challenging.

Consider attending sessions in the Security Strategy and Architecture track. There will be a wide range of topics covered.

*** This is a Security Bloggers Network syndicated blog from RSAConference Blogs RSS Feed authored by Merlin Namuth. Read the original post at: